From 035d1eb2a67ffbeeaed09d27d80339d807bce6a0 Mon Sep 17 00:00:00 2001 From: Gardouille Date: Mon, 19 Oct 2020 17:34:04 +0200 Subject: [PATCH] Add LUKS management --- debian/chroot.install | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/debian/chroot.install b/debian/chroot.install index 8a33383..2f08cb2 100755 --- a/debian/chroot.install +++ b/debian/chroot.install @@ -21,6 +21,12 @@ manage_part=0 manage_btrfs=1 ## If the script should create extra volume (eg. backup, virt, Proxmox,…) manage_extra_lv=0 +## If the script should cipher data with LUKS +manage_luks=0 +## You need to set a new passphrase after the installation or at least change this one +luks_passphrase="generic key" +luks_key_file="/tmp/luks.keyfile.temp" +luks_pv_name=$(basename "${hdd}"2_crypt) ## Colors definition {{{ BLACK='\033[49;30m' BLACKB='\033[49;90m' @@ -39,7 +45,7 @@ RESET='\033[0m' ## Package to exclude from debootstrap install dbs_pkg_exclude="vim-tiny" ## Package to include to debootstrap install -dbs_pkg_include="aptitude,btrfs-progs,bzip2,debconf-i18n,dialog,dmsetup,htop,isc-dhcp-client,isc-dhcp-common,locales,lvm2,openssh-server,pciutils,tmux,vim-nox,wget,zsh" +dbs_pkg_include="aptitude,btrfs-progs,bzip2,cryptsetup,debconf-i18n,dialog,dmsetup,htop,isc-dhcp-client,isc-dhcp-common,locales,lvm2,openssh-server,pciutils,tmux,vim-nox,wget,zsh" # Prepare host system {{{ apt update @@ -61,8 +67,16 @@ if [ "${manage_part}" -eq 0 ]; then ### LV parted "${hdd}" mkpart primary 512MB 100% || exit 1 parted "${hdd}" set 2 lvm on - sudo pvcreate "${hdd}"2 - sudo vgcreate "${vgname}" "${hdd}"2 + if [ "${manage_luks}" -eq 0 ]; then + rm -f -- "${luks_key_file}" && printf '%b\n' "${luks_passphrase}" > "${luks_key_file}" + cryptsetup -c aes-xts-plain -s 512 --use-random -y luksFormat "${hdd}"2 "${luks_passphrase}" --key-file "${luks_key_file}" || exit 2 + cryptsetup luksOpen "${hdd}"2 "${luks_pv_name}" --key-file "${luks_key_file}" || exit 2 + pvcreate /dev/mapper/"${luks_pv_name}" + vgcreate "${vgname}" /dev/mapper/"${luks_pv_name}" + else + pvcreate "${hdd}"2 + vgcreate "${vgname}" "${hdd}"2 + fi fi mkfs.ext3 -F -L boot -- "${hdd}"1